Run systemd service in network namespace

arianvp · August 28, 2019, 3:45pm

For your interest, in NixOS 19.09 you’ll be able to directly specify the netns for a service to Join

systemd/systemd/blob/4b259b3c63eeefe4cd52fa3b169b1ca4b19f13e9/NEWS#L525-L527


      
          * A new unit setting NetworkNamespacePath= may be used to specify a
            namespace for service or socket units through a path referring to a
            Linux network namespace pseudo-file.

So this could simplify your code a bit

# netns@.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=${pkgs.iproute}/bin/ip netns add %I
ExecStop=${pkgs.iproute}/bin/ip netns del %I

# myservice.service
[Unit]
BindsTo=netns@wg.service
After=netns@wg.service
NetworkNamespacePath=/var/run/netns/wg
[Service]
ExecStart=myservice